The new European General Data Protection Regulation (GDPR) will be enforced in two years, but that is a relatively short period of time for businesses to assess the new requirements, evaluate existing measures and plan a path to full compliance.

After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money...

In the last decade the number of cyber incidents related to the technologies that surround us has grown exponentially; the principal concerns relate to all those objects with an "intelligent component" that we use daily and expose on the internet for different purposes...

Ultimately this is critical stuff. If we don’t want to find ourselves wandering the wastelands searching for food and water, fighting off marauding bands of marauders (is that redundant?), it’s important for these ninjas to get it right and keep the pirates at bay...

Like in many matters involving science and technology, scientists and technologists should be brought into future deliberations on cyber legislation. The technologists that make the Internet operate and the security experts that battle to defend it need to be brought to the table...

"Disciplines related to IPR could impact how people gain access to the Internet and could constrain what people may say online or how they can collaborate and share content. It is imperative that the IPR chapter of the proposed TPP agreement not inappropriately constrain online activity..."

Forcing utility operators, banks, and earth resources companies to comply with frameworks based on outmoded asset and vulnerability methodologies will distract them from implementing threat-based defenses. The Executive Order, if issued, will do much more harm than good...

Maine has been one of the most aggressive states to pursue widespread implementation of smart utility meters for customers throughout the state, but not all utility customers have embraced smart meters despite consumers' concerns over privacy issues...

An international treaty and regulatory body will not gain much traction in the military academies and think tanks around the world. Why restrict a nation’s options in war fighting – especially when cyber weapons are inexpensive and could reduce the overall level of force required to achieve an end goal?

As social media becomes part of the continuum of interaction in the physical and virtual worlds, privacy becomes an issue of discretionary disclosure control. Online privacy and patient privacy will evolve into a market for products and services with stratified pricing, packaging and product positioning...

The intellectual property (IP) chapter would have negative ramifications for freedom and innovation, and second, the process has shut out multi-stakeholder participation and is shrouded in secrecy. The TPP is a threat because it rewrites global rules on IP enforcement and restricts the public domain...

The proposed modifications to the definitions of "operator" and "website or online service directed to children" address commenters’ concerns related to the use of third-party advertising networks and downloadable software kits, or plug-ins, that collect personal information through child-directed websites...

The typical reaction I get in the US is that many organizations see compliance as a “tax” and try to get away with doing the bare minimum. How do you and your organizations view compliance? Do you see it as a four-letter word, a nuisance, or as a step along the path to more effective security?

Although privacy advocates and federal regulators and legislators have primarily been focusing on consumer privacy issues, such as behavioral advertising and data mining, the significant changes in workplace privacy protections demand continued vigilance from employers...